CSP
Content Security Policy: an HTTP header that tells browsers which sources of scripts, styles, and other resources are allowed to load.
CSP (Content Security Policy) is an HTTP response header that lets a site declare an allowlist of origins for scripts, styles, images, frames, and other resources. A strict CSP is one of the most effective defences against cross-site scripting: even if an attacker injects a `<script>` tag, the browser refuses to execute it unless the source matches the policy. CSP also supports nonces, hashes, and reporting endpoints that send violation reports back to the site owner. A weak or absent CSP is one of the most common findings in any modern web security audit.
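The following Python is an added worked example, not code from the original entry: it builds the kind of strict, nonce-based policy described above and models how a browser evaluates a script against the `script-src` directive (falling back to `default-src`), including the edge case where a nonce in the directive makes `'unsafe-inline'` inert. The function names (`build_csp`, `parse_csp`, `script_allowed`), the page origin `https://app.example` and the report endpoint `/csp-report` are assumptions, and `'strict-dynamic'` and hash sources for inline content are deliberately not modelled.

```python
"""Added example: emit a strict CSP header and model the browser's script decision.
Names, origins and the /csp-report path below are assumed, not taken from any
real deployment."""
import secrets
from typing import Optional
from urllib.parse import urlsplit

NONCE_OR_HASH_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def new_nonce() -> str:
    """Fresh, unguessable per-response nonce (128 bits of entropy)."""
    return secrets.token_urlsafe(16)


def build_csp(nonce: str) -> str:
    """Strict policy: deny everything by default, allow only same-origin and
    nonced scripts, forbid framing, and report violations to an assumed endpoint."""
    return "; ".join([
        "default-src 'none'",
        f"script-src 'self' 'nonce-{nonce}'",
        "style-src 'self'",
        "img-src 'self'",
        "base-uri 'none'",
        "frame-ancestors 'none'",
        "report-uri /csp-report",   # assumed path that collects violation reports
    ])


def parse_csp(header: str) -> dict:
    """Split a header value into {directive: [source expressions]}.
    As in the spec, a repeated directive is ignored: the first occurrence wins."""
    policy = {}
    for directive in header.split(";"):
        parts = directive.split()
        if parts:
            policy.setdefault(parts[0].lower(), parts[1:])
    return policy


def _origin(url: str) -> str:
    u = urlsplit(url)
    return f"{u.scheme}://{u.netloc}"


def _host_matches(expr: str, url: str, page_origin: str) -> bool:
    """Does one source expression permit an external script fetched from url?"""
    if expr.startswith("'"):
        # Keyword sources: only 'self' can match a URL, and only for the page's origin.
        return expr == "'self'" and _origin(url) == page_origin
    u = urlsplit(url)
    if expr.endswith(":") and "/" not in expr:          # scheme-source such as https:
        return u.scheme == expr[:-1]
    scheme, _, rest = expr.rpartition("://")            # scheme is '' when expr has none
    if scheme and scheme != u.scheme:
        return False
    hostport, _, path = rest.partition("/")             # optional path prefix
    if path and not u.path.startswith("/" + path):
        return False
    host, _, port = hostport.partition(":")
    default_port = {"https": 443, "http": 80}.get(u.scheme)
    if port and port != str(u.port or default_port):
        return False
    if host.startswith("*."):                           # wildcard subdomain: *.cdn.example
        return (u.hostname or "").endswith(host[1:])    # matches js.cdn.example, not cdn.example
    return u.hostname == host


def script_allowed(policy: dict, page_origin: str, *,
                   src: Optional[str] = None, nonce: Optional[str] = None) -> bool:
    """Would the browser execute this script? External scripts pass src=...;
    inline scripts pass src=None and, if the tag carries one, nonce=...."""
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return True                                     # no directive governs scripts
    if sources == ["'none'"]:
        return False
    if src is None:                                     # inline script
        if nonce is not None and f"'nonce-{nonce}'" in sources:
            return True
        # Any nonce or hash in the directive makes 'unsafe-inline' inert (CSP Level 2+),
        # so an injected inline script without the right nonce is refused.
        has_nonce_or_hash = any(s.startswith(NONCE_OR_HASH_PREFIXES) for s in sources)
        return "'unsafe-inline'" in sources and not has_nonce_or_hash
    return any(_host_matches(s, src, page_origin) for s in sources)


if __name__ == "__main__":
    nonce = new_nonce()
    header = build_csp(nonce)
    policy = parse_csp(header)
    page = "https://app.example"                        # assumed page origin
    print("Content-Security-Policy:", header)
    print("own bundle  :", script_allowed(policy, page, src=f"{page}/static/app.js"))
    print("nonced tag  :", script_allowed(policy, page, nonce=nonce))
    print("injected tag:", script_allowed(policy, page))
    print("third party :", script_allowed(policy, page, src="https://evil.example/x.js"))
```

Setting the same header on every response but with a different nonce each time is the point of `new_nonce()`: a nonce that is static, or predictable, gives no protection because an injected tag could carry it too. The `report-uri` entry means the browser posts a JSON report for each refused load, which is the signal a security operations team uses to spot both misconfiguration and live injection attempts.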